LinkedIn says 6.5 million passwords posted on hacker site

LinkedIn, owner of the world’s biggest professional-networking website, said Thursday that 6.5 million user passwords were posted on a hacker site, and the company is working with the FBI on the security breach.

A day after confirming that some accounts were compromised, the Mountain View, Calif.-based company disclosed the number of users affected and said in a blog post that a small subset of them had their passwords decoded and published. LinkedIn said it hasn’t received any verified reports of unauthorized access to member accounts.

“Our first priority was to lock down and protect the accounts associated with the decoded passwords that we believed were at the greatest risk,” LinkedIn said. “We’ve invalidated those passwords and contacted those members with a message that lets them know how to reset their passwords.”

LinkedIn’s hacking was followed by revelations that some customers of CBS’s Last.fm music site and EHarmony’s dating site had passwords stolen. Both companies suggested that users immediately change their passwords. LinkedIn, with more than 160 million members, said it has been investigating the matter “nonstop” since Wednesday morning and is collaborating with law enforcement as the probe proceeds.

Story continues below advertisement.

Erin O’Harra, a spokeswoman at LinkedIn, confirmed that the company is in contact with the Federal Bureau of Investigation. Peter Lee, an FBI spokesman in San Francisco, said the agency has been in contact with LinkedIn since the incident and is working with the company. He declined to provide details about the investigation.